Offline Virtual Machine Servicing Tool v2.1 (VHD)

Source: http://blogs.technet.com/virtualization/archive/2009/12/10/Offline-Virtual-Machine-Servicing-Tool-v2.1-.aspx

Virtualization affects how we plan, build, deploy, operate, and service workloads. Customers are creating large libraries of virtual machines containing various configurations. The patch state of these virtual machines is not always known. Ensuring that offline virtual machines are properly patched and won’t become vulnerable the instant they come online is critical.

I am therefore very pleased to state that the Offline Virtual Machine Servicing Tool v2.1 has now been released!

Congratulations to the Solution Accelerator team for this release!

The Offline Virtual Machine Servicing Tool 2.1 has free, tested guidance and automated tools to help customers keep their virtualized machines updated, without introducing vulnerabilities into their IT infrastructure.

The tool combines the Windows Workflow programming model with the Windows PowerShell interface to automatically bring groups of virtual machines online, service them with the latest security updates, and return them to an offline state.

What’s New?

Release 2.1 is a direct response to customer and Microsoft field requests to support the R2 wave. Offline Virtual Machine Servicing Tool 2.1 now supports the following products:
· Hyper-V-R2
· VMM 2008 R2
· SCCM 2007 SP2
· WSUS 3.0 SP2

OVMST 2.1 also supports updates to Windows 7 and Windows Server 2008 R2 virtual machines.

Download here: Offline Virtual Machine Servicing Tool 2.1
More info: http://technet.microsoft.com/en-us/library/cc501231.aspx

System Center Virtual Machine Manager 2008 R2 RTM!

Zane Adam: System Center Virtual Machine Manager 2008 R2 has RTM’d and GA via volume licensing is set for October 1. This is great news for all and I’d like to especially thank our VMM 2008 R2 Development, Product Management, and Test teams. Lots of hard work fueled by their passion in virtualization and management has resulted in a very good software release.

A 180-day evaluation version is now available, too, on the Microsoft Download site. You can access it here.

Please experience for yourself what the 10,000+ people who have previously downloaded our ‘Release Candidate’ plus organizations such as Continental Airlines, Lionbridge Technologies, and Indiana University have seen with VMM 2008 R2!

I encourage everyone to explore the new System Center Virtual Machine Manager 2008 R2 and its new features such as quick storage migration, live migration, and many others. We even offer support for vSphere 4.

To learn more on the new features and capabilities of VMM 2008 R2, please try to attend our upcoming TechNet session ‘Technical Overview of System Center Virtual Machine Manager 2008 R2’. Presented by our Technical Product Manager Kenon Owens, it will be chock-full of new and cool VMM 2008 R2 items. Go here to register for this Wednesday, September 09, 2009 (10:00 AM Pacific) event.

Source : http://techlog.org/archive/2009/08/24/system_center_virtual_machine_

Great Microsoft Virtualization Free E-Book

Today I have another great ebook to share with you. If you are interested in Microsoft virtualization solutions, then the book “Understanding Microsoft Virtualization Solutions” will be a great resource for you. It is available as a free PDF download, and it covers Windows Server 2008 Hyper-V, System Center Virtual Machine Manager 2008, Microsoft Application Virtualization 4.5, Microsoft Enterprise Desktop Virtualization, and Microsoft Virtual Desktop Infrastructure. It was written by Mitch Tulloch with the Microsoft Virtualization team, it is published by Microsoft Press, it has 431 pages and it is available as a FREE DOWNLOAD.

Download “Understanding Microsoft Virtualization solutions – from the Desktop to the Datacenter” free pdf ebook

Original article: Microsoft Press – Microsoft Virtualization Solutions Free E-Book by Brian Johnson

Windows XP Mode within Windows 7

Windows 7’s new XP Mode lets you seamlessly run virtualized applications alongside your regular Windows 7 applications—so your outdated software will continue to work. Before we begin, you’ll want to make sure your system meets the requirements:

  • Processor: Processor capable of hardware virtualization, with AMD-V™ or Intel® VT turned on in the BIOS.
  • Memory: 2GB of memory recommended.
  • Hard disk requirement: 20MB hard disk space for installing Windows Virtual PC. Additional 15GB of hard disk space per virtual Windows environment recommended.

Make sure that your processor supports hardware virtualization, and double-check that the hardware virtualization setting is enabled in your BIOS (the setting is often not enabled although your processor may be supported). You can use the official Intel Processor Identification Utility if you are running Intel, or you can use the previously mentioned SecurAble to determine whether or not your AMD or Intel processor will support XP Mode.

Next, you’ll need to install two software packages on your PC:

  1. Download and install the Windows Virtual PC Beta, which is the virtualization software that powers "XP Mode".
  2. Download and install the Windows XP Mode Beta, which is a specially crafted XP virtual machine.

Once you’ve completed those steps and restarted your computer, run the Virtual Windows XP item in the start menu, add in a password and make sure to choose to remember the credentials if you want the integration features to work smoothly.

Once the wizard is complete, hopefully you will see a dialog that sets up XP for use, which will take quite a while. If you receive a message that hardware virtualization is not enabled, reboot your computer and check that the BIOS option is enabled, usually found under the advanced settings page.

If all goes well, you’ll see a Virtual Windows XP window, complete with a notification to install antivirus software—since XP Mode is nothing more than Windows XP in a virtual machine, you should take the advice and install your favorite antivirus application, especially if you’ll be downloading files in the VM.

At this point you will need to install your applications in Windows XP, and make sure to choose "All Users" anytime you are asked who to install the software for—the integration features won’t work with software that installs just for your user account. If you can’t install for everybody, you can simply choose "Open All Users" on the start menu, and copy a shortcut to the application into the start menu’s programs folder.


Once your applications are installed and shortcuts are in the All Users start menu, they will magically show up in the Windows 7 start menu under the Windows Virtual PC -> Virtual Windows XP Applications folder.


Depending on the state of the virtual machine, you will be prompted to close it in order to switch into "virtual application" mode. If the virtual machine was hibernated, you will see a slightly different prompt, but the general idea is that it can’t be running while you are in application mode.


And now, success! The Chrome window in the front is an XP-mode window—you’ll notice that windows running in XP mode don’t seem to take advantage of the slick Windows 7 drop-shadows, and you won’t see a thumbnail preview in the taskbar or Alt-tab.

This Post lists the best practices for securing Terminal Server or Windows XP (for use with VDI)

How can I protect my terminal servers from Spyware, Malware, Trojans, Worms, Viruses and un-authorized software?


  1. Start with a secure installation of the Operating System.  Windows Server 2003 installs by default with the users being able to create files and folders in the root of the system drive and Windows 2000 Server installs by default with the Everyone group having Full Control NTFS Permissions to the entire System Drive.  To lock down the System Drive on Windows 2000 Server, start with the following settings:

    1. Root of System Drive – Authenticated Users = "Read and Execute"

    2. Root of System Drive – Administrators = "Full Control"

    3. Root of System Drive – System = "Full Control"

    4. Program Files Directory – Authenticated Users = "Read and Execute"

    5. Program Files Directory – Administrators = "Full Control"

    6. Program Files Directory – System = "Full Control"

  2. NEVER allow anyone to logon as an administrator or power user, unless they are a member of the IT Staff / IT Consulting Firm that is responsible for the server, and they are logging on to perform administrative functions, i.e. installing software, performing a backup…

  3. Force "Empty Temporary Internet Files when browser closed" via Group Policy.  This will delete most bad files from the Temp IE location of the user’s profile, and leave only the cookie files.

  4. Implement Roaming Terminal Server Profiles, Mandatory Terminal Server Profiles or Flex Terminal Server Profiles.

  5. Enable DeleteRoamingCache in the registry, or via "Delete Cached Copies of Roaming Profiles" in Group Policy.  Since the Roaming Profile does not propagate the user’s Temp Directory, enabling this policy will usually delete anything the user downloaded unintentionally.  This policy deletes the user’s local profile at logoff once it’s been successfully unloaded and copied to the roaming location.

  6. Install the User Profile Hive Cleanup Service, which helps to ensure user sessions are completely terminated when a user logs off.  Without this service, user profiles are often not unloaded successfully, which causes the copy to the roaming profile location and the DeleteRoamingCache setting to fail.

  7. Install a Terminal Server compatible anti-virus scanner on each terminal server, a VSAPI anti-virus scanner on each SMTP Server, and an anti-virus scanner at the Internet Gateway.

  8. Set the Terminal Services Configuration Permission Compatibility to "Full Security" (Windows Server 2003), or to "Windows 2000 Users" (Windows 2000 Server). If you use the "Permissions compatible with Terminal Server 4.0 Users" (Windows 2000 Server) or "Relaxed Security" (Windows Server 2003), each user logging on is added to the TSUser Security Group, which has permissions and rights of the Power Users Group.

  9. Enable Software Restriction Policies in Group Policy, to define which files can be executed by users.

  10. If users need only one application, specify this program to start when they logon.  This can be done for everyone via Group Policy or Terminal Services Configuration, or for specific users via Active Directory or Local User Account.

  11. Consider locking down the user environment with a FREE program like BrsSuite, designed by Terminal Server Security Expert "Fabrice Cornet", of FC Consult, Belgium.

  12. Restrict access to applications normal users shouldn’t ever use, or that do not follow the policy restrictions in place, i.e. winfile and command.com
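The NTFS baseline from item 1, checked against ACL text, as an added example that is not part of the original post. It assumes the ACL was collected with `icacls <path>`; `BASELINE`, `audit`, `parse_aces` and the sample ACL are constructed for illustration.

```python
import re

# Assumption: the ACL text comes from `icacls <path>`; all names here are illustrative.
BASELINE = {  # principal -> strongest right the list above allows
    "NT AUTHORITY\\Authenticated Users": "RX",
    "BUILTIN\\Administrators": "F",
    "NT AUTHORITY\\SYSTEM": "F",
}
INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}
# Rights that stay within "Read and Execute" (simple and specific forms).
READ_EXEC = {"R", "RX", "GR", "GE", "RD", "RA", "REA", "X", "RC", "S"}
ACE = re.compile(r"^(?P<who>[^:]+):(?P<body>(?:\([^)]*\))+)$")

def parse_aces(icacls_text, path):
    """Yield (principal, rights, is_deny) for each ACE line of icacls output."""
    for line in icacls_text.splitlines():
        line = line.strip()
        if line.startswith(path):  # first ACE shares a line with the path
            line = line[len(path):].strip()
        m = ACE.match(line)
        if not m:
            continue  # blank lines and the "Successfully processed" trailer
        tokens = set()
        for group in re.findall(r"\(([^)]*)\)", m["body"]):
            tokens.update(t.strip().upper() for t in group.split(","))
        yield m["who"], tokens - INHERIT_FLAGS - {"DENY"}, "DENY" in tokens

def audit(icacls_text, path):
    """Return findings: allow ACEs granting more than the baseline permits."""
    findings = []
    for who, rights, is_deny in parse_aces(icacls_text, path):
        if is_deny:
            continue  # deny ACEs only remove access
        allowed = BASELINE.get(who)
        if allowed is None:
            findings.append((who, sorted(rights), "principal not in baseline"))
        elif allowed == "RX" and not rights <= READ_EXEC:
            findings.append((who, sorted(rights - READ_EXEC), "exceeds Read and Execute"))
    return findings

# Constructed sample: Everyone has Full Control; Authenticated Users can also create files.
SAMPLE = """C:\\ BUILTIN\\Administrators:(OI)(CI)(F)
    NT AUTHORITY\\SYSTEM:(OI)(CI)(F)
    NT AUTHORITY\\Authenticated Users:(OI)(CI)(RX)
    NT AUTHORITY\\Authenticated Users:(CI)(AD,WD)
    Everyone:(OI)(CI)(F)
Successfully processed 1 files; Failed processing 0 files"""

if __name__ == "__main__":
    print(audit(SAMPLE, "C:\\"))
```

Run it against both the system-drive root and the Program Files directory; an empty list means the ACL matches the baseline.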

How can I provide the most secure access to terminal servers from the Public Internet?  The RDP Protocol is secure and uses RSA Security’s RC4 cipher, at either 56 or 128 bits; however, the following should be considered when providing access to terminal servers over the Public Internet:


  1. Set the RDP-Tcp Encryption Level to "High" (Windows 2000 Server or Windows Server 2003)

  2. Define and enforce a strong password policy.

  3. If you require password authentication to access a Remote Desktop Web Connection (RDWC, aka TSAC or TSWeb), do so over an SSL Connection.  Since you have to logon to the Terminal Server, there really is no advantage to requiring authentication to access a RDWC.

  4. Do NOT use traditional client-to-server VPN to provide secure access to Terminal Servers.  This may sound strange, but traditional client-to-server VPNs require connectivity over non-standard ports and client software on the remote computer. These often prevent remote users from being able to connect.  In addition to the connectivity problems traditional VPN can cause, traditional client-to-server VPNs can open the corporate network to viruses, trojans or worms, because they extend the corporate network to the remote client.

  5. Do consider providing secure access to terminal servers via SSL VPN or a Terminal Server Secure Gateway, as these can provide access over standard ports like 443 or 80, which makes connectivity easy for remote users.  These devices or software applications also provide access to a specific computer, or set of computers, instead of opening a secure tunnel to the entire corporate network.

Offline Virtual Machine Servicing Tool

The Offline Virtual Machine Servicing Tool helps organizations maintain virtual machines that are stored offline in a Microsoft® System Center Virtual Machine Manager library. While stored, virtual machines do not receive operating system updates. The tool provides a way to keep offline virtual machines up-to-date so that bringing a virtual machine online does not introduce vulnerabilities into the organization’s IT infrastructure.

Download Here: Offline Virtual Machine Servicing Tool

Microsoft Virtual PC 2007 Service Pack 1

Microsoft Virtual PC 2007 SP1: Service Pack Update for Virtual PC 2007 qualifying Windows Server 2008, Vista SP1 and XP SP3. Version 6.0.192.0

This is a full installer with SP1 included, but can also install on existing installations.

Save time and money as Virtual PC allows you to maintain the compatibility of legacy and custom applications during migration to new operating systems and increases the efficiency of support, development, and training staffs.

With Microsoft® Virtual PC 2007, you can create and run one or more virtual machines, each with its own operating system, on a single computer. This provides you with the flexibility to use different operating systems on one physical computer.

For more information about the ways you can use virtual machines, see Virtual PC at http://go.microsoft.com/fwlink/?LinkId=78095.

This update for Microsoft Virtual PC 2007 includes support for the following additional Host and Guest Operating Systems:

Additional Guest Operating System support:
Windows Vista® Ultimate Edition with Service Pack 1 (SP1)
Windows Vista® Business Edition with Service Pack 1 (SP1)
Windows Vista® Enterprise Edition with Service Pack 1 (SP1)
Windows Server® 2008 Standard
Windows XP Professional with Service Pack 3

Additional Host Operating System support:
Windows Vista® Ultimate Edition with Service Pack 1 (SP1)
Windows Vista® Business Edition with Service Pack 1 (SP1)
Windows Vista® Enterprise Edition with Service Pack 1 (SP1)
Windows XP Professional with Service Pack 3

Download here